Re: SPARQL Security - Best Practices? from Brian Manley on 2008-09-02 (semantic-web@w3.org from September 2008)

From: Brian Manley <brian.manley@gmail.com>
Date: Tue, 2 Sep 2008 16:54:30 -0700
To: Richard Newman <rnewman@twinql.com>
Cc: Damian Steer <pldms@mac.com>, Semantic Web at W3C <semantic-web@w3.org>
Message-Id: <B80D10C2-0A90-412D-B4D9-2405775F3B33@gmail.com>

On Sep 2, 2008, at 4:06 PM, Richard Newman wrote:

>
>>> A couple of years ago I was working on a system that very heavily  
>>> used very complex access control. My ultimate conclusion was that  
>>> standard SPARQL was not very well suited to this kind of thing.  
>>> That's an interesting conclusion for a SPARQL implementor to draw,  
>>> but there you are :)
>>
>> Are any query languages suited to this?
>
> Probably not! I expect that any language sufficiently powerful would  
> either be a full-fledged programming language (cf. Prolog, which is  
> one of the query interfaces AllegroGraph supports, and which could  
> implement this sort of thing), or be too closely tied to an  
> implementation to be standardized.
>
> SPARQL is interesting here because features like datasets, GRAPH,  
> etc. conspire to *appear* like the components one would need to  
> build a graph-based in-query access control system, when in fact  
> they are insufficient. I've had a number of people ask about it, and  
> discussion of the pros and cons can become involved, particularly  
> for people who are "just users".
>
> Access control might be one of those things that is best left up to  
> the implementation.
>

Thanks to all for the great discussion regarding this!

I tend to agree with you on your last point. Beyond the issues you  
already pointed out, adding hidden nuances to the meaning of things  
like a graph name or altering the syntax to support this seem to be  
non-starters. Better to drive it deeper into the implementation so  
that's it's completely transparent to the end user.

In the DBMS world, things like "label security"  seem to be  
implemented primarily by automagically modifying the WHERE clause to  
filter on a column that denotes ownership. As an experiment, I think  
I'll try doing something similar by adding another column (OWNER?) to  
my store (making look like s, p, o, owner), and adding WHERE OWNER IS  
NULL OR OWNER = "XXX" to the SQL that I generate from SPARQL.

Alternately, I could just provide another triple for each resource in  
my store and only restrict at the resource level rather than the  
triple level. For example .

	:a 	dc:title 	"something";
		:owner 	:bmanley .

...and add an additional triple matching pattern to any SPARQL that  
gets executed that would include or omit it from the results.

Do those seem like reasonable approaches?

Brian

Received on Tuesday, 2 September 2008 23:55:07 UTC